1. Field
Apparatuses and methods consistent with exemplary embodiments relate generally to a mobile device management apparatus and method based on security policies, and to a management server for mobile device management. More particularly, they relate to an apparatus and method in which methods of controlling a mobile device for respective situations are predefined as security policies and which control the mobile device depending on details defined in the security policies. Moreover, the security policies define building blocks that are used so as to define situationally sensitive sets called profiles. The profiles are developed in correspondence with a predicted situation. Whenever a situation occurs, the corresponding profile or profiles are activated. Apparatuses and methods consistent with exemplary embodiments also relate to an apparatus which creates, maintains and changes security policies used in defining the methods of controlling the mobile device for respective situations, and which controls the mobile device.
2. Description of the Related Art
Mobile devices today have processing power and, hence, capabilities that make them usable for productive work in business and governmental enterprises. This trend promises only to increase in the coming years as the performance of mobile devices continues to improve. A related development, still in relative infancy, is that enterprises are beginning to take advantage of the aforementioned trend by creating applications or programs for use on mobile devices, thus allowing the members of the enterprise to use the program in their productive work.
However, as this use of mobile devices for productive work has begun to grow, there are increasing concerns that the pervasive data sharing technologies of the modern age might make it possible or even likely that the internal data of the enterprise might be undesirably exposed outside of the enterprise. Coexistent with these concerns is, therefore, a heightened interest in preventing information leakage due to mobile devices, and in maintaining the security of mobile devices. To this end, some companies are requiring employee mobile devices to be excluded from the workplace. A more employee-friendly alternative, however, is to require any employee mobile devices (whether company-issued or privately obtained) brought into the workplace or used for work-related communications/data to be equipped with a company-controlled management application.
One example of such a management application used in managing mobile devices may be seen in Korean Patent Application Publication No. 2010-0069107. This publication describes a configuration in which a Device Management command, which is related to the function and management operation of a terminal, is transferred from a device management server to the terminal. The terminal stores the device management command. Once the terminal has reached a state satisfying some condition, the terminal executes the command. In another example, Korean Patent Application Publication No. 2008-0070391 describes a configuration in which a mobile terminal receives an external control command. The control command is used as an input to an engine that is loaded to apply the control command. In this configuration, the engine is activated, and then controls the terminal in compliance with the control command.
The two examples just discussed use an approach in which designated policies are transmitted to a terminal in the form of commands which are stored and implemented depending on conditions. In such an approach, however, a server can implement a changed policies only by resetting existing policies and transmitting to the mobile device the replacement commands that implement the changed policies. Thus, to change the details of control, that is, details of the policies, depending on variations in the environment of the mobile device, new commands must frequently be transmitted to the mobile device.
Therefore, in the just-mentioned examples of mobile device management techniques, the server must implement a security policy change by transmitting to the mobile device a new set of commands, a situation that imposes on the server and the mobile device a frequent need for the communication of replacement commands to handle the variety of different environments in which the mobile device may be used. Moreover, in the just-mentioned examples of management techniques, it is impossible for the mobile device itself to change and apply differing security policies or to set security policies that respond to various differing situations; that is to say, the mobile device is completely dependent upon the server to transmit commands necessary to implement a policy that relates to a situation or environment for which the current set of commands is not precisely what is desired.